Cisco Firepower NGIPS Tuning and Best Practices
- Harold Perry
- 5 years ago
Transcription
2 Cisco Firepower NGIPS Tuning and Best Practices
John Wise, Security Instructor, High Touch Delivery, Cisco Learning Services
CTHCRT-2000
3 Cisco Spark: Questions?
Use Cisco Spark to communicate with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click Join the Discussion
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
Cisco Spark spaces will be available until July 3, cs.co/ciscolivebot#cthcrt
Cisco and/or its affiliates. All rights reserved. Cisco Public
4 Agenda
- Introduction
- Inspection Order
- Network Discovery
- Traffic to Not Inspect and Fast Path
- Base Intrusion Policies
- Variables
- Connection Events
5 Introduction
6 Cisco Learning Services
Where can you get official training on Firepower technologies? Cisco High Touch Delivery at
We offer a 4-day ILT or Virtual course based on Firepower, where we cover everything from the ground up. Developed and delivered by Cisco High Touch Delivery in Advanced Services, we are the official place for all Firepower security training.
Firepower class offerings:
- Firepower200: 5-day course covering Firepower Threat Defense
- SSFIPS: 4-day course covering Firepower NGIPS
Just ask if you would like additional information!
Internet crime costs companies billions of dollars annually. Understanding how to profile attackers and defend network and data assets is essential. Cisco Learning Services Security training will help protect your business's reputation, which is one of its most important assets.
To learn more about the Cisco Learning Services Security courses, visit
7 Ask Yourself
Am I sure I am properly configured? Am I optimally tuned? Could I improve my system performance, security posture, and reduce false positives?
Let's look at a few of the most common misunderstandings and misconfigurations: save yourself a call to support!
We have 30 minutes. Let's begin!
8 Understand The Order of Inspection
9 Firepower Order of Inspection: Memorize This!
Traffic flow: Security Intelligence -> SSL -> Access Control -> Further Inspection (Malware & File, Intrusion)
- Security Intelligence: Blocks blacklisted IPs, DNS, and URLs before inspection by ACP. Traffic blocked here never enters the later policies.
- SSL: Decrypts SSL traffic. Ability to block SSL traffic based on criteria. Decrypted traffic can be seen by the later policies.
- Access Control: Firewall component. Inspect up to Layer 7. Make Block, Inspect, or Trust (no further inspection) decisions on traffic.
- Malware & File: Inspect, block, or store files. Detect, block, and alert on files determined to be malware.
- Intrusion: IPS. Traffic inspection by Snort rules looking for malicious traffic.
10 Define Your Network Discovery
11 Network Discovery
Firepower will automatically build Host Profiles based on your Network Discovery.
[Diagram labels: Firepower Management Center; Automatically Generated Host Profiles; Network Discovery; Managed Device. Host profile contents: Services, Applications, Vulnerabilities, Protocols, Ports, Operating Systems]
12 Network Discovery Processing Order
Traffic flow: Fast Path -> Security Intelligence -> SSL -> Access Control -> Network Discovery -> Further Inspection (Malware & File, Intrusion)
But discovery only occurs at the Network Discovery stage. Therefore, if traffic does not reach this inspection point, no discovery information is captured!
13 Is Your Network Discovery Defined?
So you must go in and define this policy! Define your network here.
Did you know? Not defining your Network Discovery can cause you to exceed your host limits!
14 Define Your Network
1st, ensure this is enabled. In 6.x this is off by default.
2nd, Discover to build host profiles: your internal network, what you are protecting.
3rd, Exclude to prevent host profiles for certain devices: load balancers, NAT devices, anything you are not protecting.
15 Identify Traffic to Not Inspect
16 Should You Inspect all Traffic?
Probably not. Traffic not requiring inspection:
- VOIP
- Backup
- Scanner
How? You use an ACP rule with the Trust action to not inspect traffic.
Elephant flows can cause performance issues! Backup traffic is a prime example. You can usually tell you have an elephant flow when you see just one CPU core spike!
17 Can You Fast Path Any Traffic?
18 Fast Pathing Traffic is Fast!
Fast pathing traffic is the fastest way to not inspect certain traffic. It can also be used to block in certain hardware and configurations.
Traffic flow: Fast Path -> Security Intelligence -> SSL -> Access Control -> Network Discovery -> Further Inspection (Malware & File, Intrusion)
Fast pathed traffic is processed at the Fast Path stage.
19 Fast Pathing Based On Firepower Platform
You fast path differently in each of these three platforms!
- Cisco ASA with FirePOWER Services
- FirePOWER 7000/8000
- Firepower Threat Defense image for ASA 5500-X*, Firepower 2100, 4100, 9300, VMware, and Amazon Web Services
*Excludes ASA 5585-X
20 Fast Pathing With ASA Firepower Services
Fast Path on the ASA, not in Firepower.
[Diagram: ASA packet flow. Labels: Receive Packet, Ingress Interface, Existing Conn., ACL Permit, Match Xlate, Inspections / Sec. Checks, FirePOWER, NAT IP Header, Egress Interface, L3 Route, L2 Address, XMIT Packet; a failed check leads to Drop]
21 Fast Pathing With Firepower 8000 Series
8000 Series devices can use Fast Path Rules defined in the Devices tab.
Fast path rules are slowly going away, however; use promoted rules instead.
22 Fast Pathing With Firepower 7000/8000 Series
7000/8000 devices use Promoted ACP Rules to fast path traffic. Create ACP rules that:
1. Are Trust, Block, or Block with Reset
2. Have only these conditions: VLAN, IP, Security Zone, Port
3. Are placed above all other ACP rules
If the ACP rule meets all these conditions, the rule will be promoted.
23 Rule Promotion Example
These two rules will automatically be promoted to fast path. Notice both are using Port and IP for identifying the traffic, and are placed above all other rules!
You won't see this occur in the GUI! This is an automatic system process.
24 Promoted ACP Rule Processing 7000/8000
The promoted rules are written in ACP. When applied to your sensor, they get automatically pushed to the Fast Path stage.
Traffic flow: Fast Path -> Security Intelligence -> SSL -> Access Control -> Network Discovery -> Further Inspection (Malware & File, Intrusion)
25 Fast Pathing With Firepower Threat Defense
FTD code has a new policy called Prefilter. Prefilter uses limited outer-header criteria to quickly process traffic.
Traffic flow: Prefilter -> Security Intelligence -> SSL -> Access Control -> Network Discovery -> Further Inspection (Malware & File, Intrusion)
Fast pathing occurs at the Prefilter stage.
26 Base Intrusion Policies
27 Use One of These 3 Base Intrusion Policies
Cisco Talos provides and updates Base Policies for you. Choose the security approach you wish to have.
Talos provides updates at least twice a week, and responds to ever-changing security threats in real time.
Base Policies, in order of increasing protection level:
1. Connectivity over Security
2. Balanced Security and Connectivity
3. Security over Connectivity
28 Are You Using One of These Base Policies?
- Maximum Detection: Not for use in deployment. Do not use unless directed to do so!
- No Rules Active: Often used if planning to use Firepower Recommendations to turn rules on based on your environment.
Tip! If you plan to use Firepower Recommendations to adjust Snort rule states, it is best to start with Security over Connectivity and use the recommendations to adjust these in a layer.
Note: Talos rule updates do not automatically affect No Rules Active, and you will no longer have the advantage of Talos input for the rule states.
29 Define Your HOME_NET Variable
30 Did You Define HOME_NET?
HOME_NET is used in the majority of your Snort rules. Defining HOME_NET will significantly tune your system and reduce false positives. This is one of the most important settings to configure!
Look! This is defined as any; you need to go in and define this with your internal and protected networks.
31 EXTERNAL_NET
32 Did You Define EXTERNAL_NET?
EXTERNAL_NET defines what is outside your network. This is any by default. You have two options:
- Define as not HOME_NET (!HOME_NET)
- Or leave as any
33 Defining EXTERNAL_NET as !HOME_NET is Popular, But Not Always Appropriate
If you define EXTERNAL_NET as !HOME_NET you will miss some internally-based attacks, but will notice a significant performance gain.
Be careful if you defined EXTERNAL_NET as !HOME_NET and associated it to traffic originating from inside your network.
34 Remember, Variables Are Assigned to Intrusion Policies in ACP Rules
And therefore you can have multiple definitions! You choose the variable set here!
35 So Consider Using Multiple EXTERNAL_NET Definitions
Create a definition of EXTERNAL_NET as !HOME_NET for traffic from outside your network to the inside of your network.
Leave EXTERNAL_NET as any for traffic that is internal to internal.
You can do this with Security Zones in your ACP rules!
[Diagram: traffic flow through Access Control. ACP Rule 1: EXTERNAL_NET set to any. ACP Rule 2: EXTERNAL_NET set to !HOME_NET. ACP Rule 3: EXTERNAL_NET set to any. Intrusion policies shown: Sec over Conn, Balanced]
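The HOME_NET and EXTERNAL_NET choices on slides 30 to 35 can be checked against concrete flows. The Python below is an added example, not part of the original slides: it evaluates the common Snort rule header `$EXTERNAL_NET any -> $HOME_NET any` under three variable sets and then picks the variable set per security-zone pair, as slide 35 suggests. The networks, flows, zone names, variable-set names and ACP rule names are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed protected networks (assumption for this example).
HOME = ["10.0.0.0/8", "192.168.0.0/16"]

# Three variable sets: the untuned defaults, and the two tuned options from the slides.
VARIABLE_SETS = {
    "untuned":   {"HOME_NET": "any", "EXTERNAL_NET": "any"},
    "perimeter": {"HOME_NET": HOME,  "EXTERNAL_NET": "!$HOME_NET"},
    "internal":  {"HOME_NET": HOME,  "EXTERNAL_NET": "any"},
}

# Hypothetical ACP rules: each zone pair selects the variable set used by
# the intrusion policy attached to that rule.
ACP_RULES = [
    {"name": "outside-to-inside", "src_zone": "outside", "dst_zone": "inside",
     "variable_set": "perimeter"},
    {"name": "inside-to-inside", "src_zone": "inside", "dst_zone": "inside",
     "variable_set": "internal"},
]

# Constructed flows (documentation address ranges for the outside hosts).
FLOWS = {
    "inbound":  {"src": "203.0.113.7", "dst": "10.1.1.5",
                 "src_zone": "outside", "dst_zone": "inside"},
    "lateral":  {"src": "10.2.2.9", "dst": "10.1.1.5",
                 "src_zone": "inside", "dst_zone": "inside"},
    "outbound": {"src": "10.2.2.9", "dst": "198.51.100.20",
                 "src_zone": "inside", "dst_zone": "outside"},
}


def in_var(ip, name, varset):
    """True if ip falls inside the named IP variable of this variable set."""
    value = varset[name]
    if value == "any":
        return True
    if isinstance(value, str) and value.startswith("!$"):
        # Negated reference to another variable, e.g. !$HOME_NET.
        return not in_var(ip, value[2:], varset)
    addr = ip_address(ip)
    return any(addr in ip_network(net) for net in value)


def header_matches(flow, varset):
    """Would a rule with header `$EXTERNAL_NET any -> $HOME_NET any`
    be evaluated against this flow at all?"""
    return (in_var(flow["src"], "EXTERNAL_NET", varset)
            and in_var(flow["dst"], "HOME_NET", varset))


def variable_set_for(flow, rules=ACP_RULES):
    """First ACP rule whose zone pair matches decides the variable set."""
    for rule in rules:
        if (rule["src_zone"], rule["dst_zone"]) == (flow["src_zone"], flow["dst_zone"]):
            return rule["variable_set"]
    return None


def inspected(flow):
    """Header match using the variable set chosen by the zone-based ACP rule."""
    name = variable_set_for(flow)
    return name is not None and header_matches(flow, VARIABLE_SETS[name])


def coverage():
    """Flow name -> {variable set name -> header matches?}."""
    return {fname: {vname: header_matches(flow, vs)
                    for vname, vs in VARIABLE_SETS.items()}
            for fname, flow in FLOWS.items()}


if __name__ == "__main__":
    for fname, row in coverage().items():
        print(f"{fname:9}", row, "zone-selected:", inspected(FLOWS[fname]))
```

With the untuned defaults the header matches every flow, including outbound traffic to an outside server; with `perimeter` applied everywhere the lateral flow is never evaluated, which is the internal blind spot slide 33 describes.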
36 Tune Your Connection Events
37 Remember The Logging Flow
Connection events are sent to the Firepower Management Center.
Did you know Event Viewer refers to your Firepower Management Center?
Note: If connection logging is not enabled, no connection events are sent to the Firepower Management Center!
38 But Should You Log All Connection Events?
Probably not. If you are logging all traffic, you will likely have poor retention times and could overwork your FMC.
So, create ACP rules to identify traffic you do not wish to log!
The best way to do this: create a DNS query ACP rule that does not log connection events!
39 Final Considerations!
40 Are You Aware?
Security Intelligence whitelists are only for overriding a blacklist entry. Whitelisted traffic is NOT trusted. This traffic will continue through inspection!
Did you know? In order to take advantage of DNS Security Intelligence (new in 6.x) you must first create a DNS policy and associate that policy to your ACP.
41 And Lastly
Use Adaptive Profiles. Turn it on here. This will reassemble IP fragments and streams based on the OS seen in the Host Profile.
Do not modify or change your Network Analysis unless under guidance. Leave this alone unless under expert guidance!
42 Complete Your Online Session Evaluation
Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card.
Complete your session surveys through the Cisco Live mobile app or on
Don't forget: Cisco Live sessions will be available for viewing on demand after the event at
43 Continue Your Education
- Demos in the Cisco campus
- Walk-in Self-Paced Labs
- Lunch & Learn
- Meet the Engineer 1:1 meetings
- Related sessions
44 Thank you
More informationA Deep Dive into the Firepower Manager
A Deep Dive into the Firepower Manager William Young, Security Solutions Architect willyou@cisco.com @WilliamDYoung BRKSEC-2058 Just some Security Guy William Young Security Solutions Architect, Cisco
More informationPass4sure q. Cisco Securing Cisco Networks with Sourcefire IPS
Pass4sure.500-285.42q Number: 500-285 Passing Score: 800 Time Limit: 120 min File Version: 6.1 Cisco 500-285 Securing Cisco Networks with Sourcefire IPS I'm quite happy to announce that I passed 500-285
More informationDemystifying Machine Learning
Demystifying Machine Learning Dmitry Figol, WW Enterprise Sales Systems Engineer - Programmability @dmfigol CTHRST-1002 Agenda Machine Learning examples What is Machine Learning Types of Machine Learning
More informationMulticast Troubleshooting
Multicast Troubleshooting Denise Fish Fishburne Customer Proof of Concept Team Lead CCIE #2639, CCDE 2009:0014 BRKIPM-2264 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the
More informationAbout Advanced Access Control Settings for Network Analysis and Intrusion Policies
Advanced Access Control Settings for Network Analysis and Intrusion Policies The following topics describe how to configure advanced settings for network analysis and intrusion policies: About Advanced
More informationIntroduction to Cisco ASA Firewall Services
Firewall services are those ASA features that are focused on controlling access to the network, including services that block traffic and services that enable traffic flow between internal and external
More informationAccess Control. Access Control Overview. Access Control Rules and the Default Action
The following topics explain access control rules. These rules control which traffic is allowed to pass through the device, and apply advanced services to the traffic, such as intrusion inspection. Overview,
More informationGet Hands On With DNA Center APIs for Managing Intent
DEVNET-3620 Get Hands On With DNA Center APIs for Managing Intent Adam Radford Distinguished Systems Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session
More informationTask Scheduling. Introduction to Task Scheduling. Configuring a Recurring Task
The following topics explain how to schedule tasks: Introduction to, on page 1 Configuring a Recurring Task, on page 1 Scheduled Task Review, on page 17 Introduction to You can schedule many different
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationFirepower Management Center High Availability
The following topics describe how to configure Active/Standby high availability of Cisco Firepower Management Centers: About, on page 1 Establishing, on page 7 Viewing Status, on page 8 Configurations
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 20: Intrusion Prevention Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Firewalls purpose types locations Network perimeter
More informationMaximum Security with Minimum Impact : Going Beyond Next Gen
SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT
More informationMigrating Applications with CloudCenter
Migrating Applications with CloudCenter Tuan Nguyen, Technical Marketing Engineer, Insieme BU DEVNET-1179 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the session 1. Find this
More informationMcAfee Web Gateway Administration Intel Security Education Services Administration Course Training
McAfee Web Gateway Administration Intel Security Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction
More informationCisco Security Monitoring, Analysis and Response System 4.2
Q&A Cisco Security Monitoring, Analysis and Response System 4.2 GENERAL Q. What is the Cisco Security Monitoring, Analysis and Response System? A. The Cisco Security Monitoring, Analysis and Response System
More informationManaging Latency in IPS Networks
Revision C McAfee Network Security Platform (Managing Latency in IPS Networks) Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended settings
More informationMcAfee Web Gateway Administration
McAfee Web Gateway Administration Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction to the tasks crucial
More informationFully Integrated, Threat-Focused Next-Generation Firewall
Cisco Firepower NGFW Fully Integrated, Threat-Focused Next-Generation Firewall Fuat KILIÇ, fkilic@cisco.com, +905339284608 Security Consulting Systems Engineer, CCIE #21150 September 2016 Get ahead of
More informationGit, Atom, virtualenv, oh my! Learn about dev tools to live by!
BRKDEV-2633 Git, Atom, virtualenv, oh my! Learn about dev tools to live by! Ashley Roach, Principal Engineer Evangelist Agenda Introduction Why are developer tools useful? What s in the toolbelt? Tool
More informationCisco UCS Agentless Configuration Management Ansible or Microsoft DSC
DEVNET-2916 Cisco UCS Agentless Configuration Management Ansible or Microsoft DSC John McDonough, Technical Leader Developer Evangelist Cisco Spark How Questions? Use Cisco Spark to communicate with the
More informationCisco Threat Intelligence Director (TID)
The topics in this chapter describe how to configure and use TID in the Firepower System. Overview, page 1 Requirements for Threat Intelligence Director, page 4 How To Set Up, page 6 Analyze TID Incident
More informationDEVNET Introduction to Git. Ashley Roach Principal Engineer Evangelist
DEVNET-1080 Introduction to Git Ashley Roach Principal Engineer Evangelist Twitter: @aroach Email: asroach@cisco.com Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the
More information